08-11-2011 06:34 PM
28 12
tools
  1. Mattykinsx's Avatar
    Just in case you guys don't check permissions when you update apps, or if you just have your apps set to automatically update, you should be made aware of Facebook app permission changes.

    Any version AFTER 1.5.4 now has these permissions:


    send SMS messages

    Allows application to send SMS messages. Malicious applications may cost you money by sending messages without your confirmation.

    receive SMS

    Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.

    read SMS or MMS

    Allows application to read SMS messages stored on your device or SIM card. Malicious applications may read your confidential messages.

    edit SMS or MMS

    Allows application to write to SMS messages stored on your device or SIM card. Malicious applications may delete your messages.


    Source click permissions tab.


    For those interested I have provided the Facebook 1.5.4 apk which doesn't have these ridiculous permissions.

    EDIT: Apparently the site won't let me upload the APK?

    http://forum.xda-developers.com/atta...9&d=1312681512
    08-08-2011 08:16 AM
  2. cgardnervt's Avatar
    How I miss my WebOS Facebook app! I did update and I have not had any issues yet! Then again I'm pretty careful about what I do on there.
    08-08-2011 09:17 AM
  3. Mattykinsx's Avatar
    How I miss my WebOS Facebook app! I did update and I have not had any issues yet! Then again I'm pretty careful about what I do on there.
    I'm not sure what you mean about not having any issues....


    The app has the ability to read, edit, delete, and even send SMS and MMS messages.
    08-08-2011 09:56 AM
  4. cgardnervt's Avatar
    I know that. I have not had it do anything to my phone yet. Such as delete my SMS and MMS messages.
    08-08-2011 02:13 PM
  5. Mattykinsx's Avatar
    I know that. I have not had it do anything to my phone yet. Such as delete my SMS and MMS messages.
    lol I don't think that's the point of this warning.
    Why does the Facebook app have these permissions?

    It can read texts and pictexts dude.
    08-08-2011 04:15 PM
  6. DenverRalphy's Avatar
    I guess you aren't aware that FB has an optional feature to send SMS notifications and status updates to your phone (configurable from your FB page). You can also send status updates and pics to FB via SMS/MMS too.

    It's for those occasions you don't have data or wifi, but you have cell service.
    08-08-2011 05:49 PM
  7. Mattykinsx's Avatar
    I guess you aren't aware that FB has an optional feature to send SMS notifications and status updates to your phone (configurable from your FB page). You can also send status updates and pics to FB via SMS/MMS too.

    It's for those occasions you don't have data or wifi, but you have cell service.
    Yeaaaaah and that has what to do with the app having those permissions?
    Nothing, at all.

    The SMS features you're talking about have existed for years...these permissions for the app have existed since the update from 1.5.4.

    No relation.
    08-08-2011 05:54 PM
  8. DenverRalphy's Avatar
    Yeaaaaah and that has what to do with the app having those permissions?.
    Oh I dunno.... maybe so the FB app can process those SMS messages without having to run their own background service to cut down on battery consumption an avoid any redunancy? That'd be the smartest way to do it.

    But hey. If you want to wear your tinfoil hat and worry that an app from a recognizably reliable source is suddenly malicious... run with that.
    08-08-2011 06:03 PM
  9. Mattykinsx's Avatar
    Oh I dunno.... maybe so the FB app can process those SMS messages without having to run their own background service to cut down on battery consumption an avoid any redunancy? That'd be the smartest way to do it.

    But hey. If you want to wear your tinfoil hat and worry that an app from a recognizably reliable source is suddenly malicious... run with that.
    Dude, the Facebook app doesn't even interact with those texts at all


    You do NOT have to have the app installed to use SMS or mms functionality with the website.

    THEY ARE IN NO WAY INTERRELATED

    Moreover there is NO NEW FEATURE dealing with mms or sms with the app on the newest versions.

    I'm not sure you know what you're talking about.

    Furthermore, Facebook is a reliable source? Yeah maybe for privacy scares and selling your data and photos. :rolleyes:
    08-08-2011 06:31 PM
  10. BlackHawkA4's Avatar
    I'm pretty sure there is a reason behind; or, mistake behind this.

    However, facebook blows to begin with. So if you don't like it.. use the website. It's exactly the same.

    And relax... it's just facebook.... what kind of privacy did you have before with it. None...
    08-08-2011 07:46 PM
  11. Mattykinsx's Avatar
    I'm pretty sure there is a reason behind; or, mistake behind this.

    However, facebook blows to begin with. So if you don't like it.. use the website. It's exactly the same.

    And relax... it's just facebook.... what kind of privacy did you have before with it. None...
    Relax? An app sneaks in permissions to read edit delete and send text messages, an app that millions use and comes preinstalled on many phones and you say relax?

    Ridiculous.
    08-08-2011 08:10 PM
  12. EvilMonkey's Avatar
    I too think you need to relax. You've done your due diligence and notified us (and several other forums as well from my quick google search regarding the permission). The effort and notification is appreciated, and now it's up to us to decide if we wish to continue using it.

    IMO, it's
    • A mistake and some developer got overly ambitious about requesting permissions
    • Laying groundwork for future functionality: like for example (and I'm just making this up) being able to text your friends from the app or pull up a friend in the app and see your conversations with that friend. There are already several third party FB apps like this one that allow this, so won't be surprised if the official app supports it in the future, and it's not unheard of for apps to lay groundwork for this stuff before actually releasing it.
    • It's far more nefarious, and Facebook is sending all SMS info on our phones to their alien overlords whose army of killing machines will use that information against us as they sweep over the planet, bathing us in our blood while subjugating the human race.


    Like I said, appreciate the heads-up about it.
    08-09-2011 07:52 AM
  13. cgardnervt's Avatar
    All I was saying is I did not have a problem with this. I mean the internet isn't private anyways. So putting your phone online is a choice you have. You could always go back to a Java based OS or just not use Facebook I guess...Didn't mean to **** anybody off.

    Sorry!
    08-09-2011 08:56 AM
  14. BlackHawkA4's Avatar
    All I was saying is I did not have a problem with this. I mean the internet isn't private anyways. So putting your phone online is a choice you have. You could always go back to a Java based OS or just not use Facebook I guess...Didn't mean to **** anybody off.

    Sorry!
    +1.

    If it bothers anyone so much: go to the Market, go to the Facebook app; scroll down: email developer and ask why. Then let us know.
    08-09-2011 06:58 PM
  15. BlackHawkA4's Avatar
    Here. No one has the worry anymore. It will soon be over.

    Hacker group vows to 'kill Facebook' - CNN.com
    08-09-2011 08:33 PM
  16. Mattykinsx's Avatar
    +1.

    If it bothers anyone so much: go to the Market, go to the Facebook app; scroll down: email developer and ask why. Then let us know.
    I did. Its a dead email address.

    I posted on the "Facebook developer wall" the other day...no reply either.


    Sad that people are blowing this off.
    08-09-2011 08:49 PM
  17. Mattykinsx's Avatar
    08-11-2011 12:06 AM
  18. z71kris's Avatar
    when I checked mine, not all of my contacts from my phone there, I would guess it is just the people who have entered their number in facebook. Because I am FB friends with some people but dont have their contact info in my phone.
    08-11-2011 08:03 AM
  19. Mattykinsx's Avatar
    when I checked mine, not all of my contacts from my phone there, I would guess it is just the people who have entered their number in facebook. Because I am FB friends with some people but dont have their contact info in my phone.
    I have NEVER entered my number into Facebook and they all were there.

    Its much more likely that Facebook is still rolling out the feature and it hasn't "come to you" yet.
    08-11-2011 08:15 AM
  20. z71kris's Avatar
    yeah, I dont know i have version 1.6.3
    08-11-2011 08:55 AM
  21. Mattykinsx's Avatar
    yeah, I dont know i have version 1.6.3
    I don't like the NY times and this guy's "points" are ridiculous but at least this is confirmation of what's being said:

    The Facebook Scare That Wasn't - NYTimes.com

    I particularly like this part:

    Now, there is one thing Facebook is doing that some people might feel a little skeptical about: Facebook has the phone numbers of people who are not on Facebook. Let’s say you have a friend named George Washington. And let’s say that George is not on Facebook and wants nothing to do with Facebook. Well, if you’ve let Facebook sync up to your phone’s contact list, Facebook is going to have George’s first and last name (assuming that’s how you’ve entered him into your phone) and his phone number. George may not be all too pleased about that.

    Clearly this is the point of them having this "feature" so why again do they have it?
    08-11-2011 09:11 AM
  22. EvilMonkey's Avatar
    While i seems fishy, I'm sure it's for their messaging app that came out a couple of days ago (so I can SMS people through Facebook now).

    Not a big fan though. Oddly enough, they give instructions on how to remove the functionality, but it seems to be iPhone specific as I can't find the option i n my phone's app. EDIT: Found it: If you just go into the app's settings and turn off "Sync Contacts" (last item at the bottom), then you need to go here and click REMOVE (which is linked very obviously from the Phonebook in Facebook): http://www.facebook.com/contact_impo...r=%2Fphonebook .
    08-11-2011 11:04 AM
  23. EvilMonkey's Avatar
    And once again, a 5 second Google search (mostly) alleviates my concerns:

    The Facebook Scare That Wasn't

    Not going to quote the whole thing, but here's some tidbits:
    If you recently installed the Facebook mobile app onto your smartphone, you had the option to sync your phone contacts with Facebook. For most people, the main payoff was that friends’ Facebook profile pictures would appear onscreen when they called.

    But what you were doing was allowing Facebook to keep tabs on your phone’s contact list (you got a pop-up box basically telling you that). That’s how Facebook is able to determine that the Sam Grobart in your phone is the same Sam Grobart you are friends with on Facebook.

    So Facebook has the content of our phone’s contact list. And that’s because we let it.

    So if you’re Facebook, you think like engineers, and this is where Facebook often gets into trouble — not because they necessarily did a bad thing, but because they didn’t explain themselves well enough. What Facebook could have said is this: “We have these phone numbers from Sam’s phone, and we have phone numbers from Sam’s Facebook friends who have allowed Sam to see them. Having two lists is inefficient; wouldn’t Sam like it if we merged them into one list?” (If you are logged into Facebook you can see the list here.)

    And so, the data is aggregated. Commingled. That’s why you see phone numbers on this list from people whose numbers you never had in your phone: because they put their numbers on Facebook and allowed you to see them. You could always have seen their phone number by going to their profile — all Facebook has done is moved them all into one list.

    It is a list, it should be mentioned, that is visible only to you. No one else can see your list. It is not “published” in the way people mean when they mean something has been made available for public consumption.

    Meredith Chin, a spokeswoman for Facebook, explained that this feature was neither new nor altered. “We’ve had this for quite some time,” she said. Facebook issued a statement on its site that reads: “Rumors claiming that your phone contacts are visible to everyone on Facebook are false. Our Contacts list, formerly called Phonebook, has existed for a long time. The phone numbers listed there were either added directly to Facebook and shared with you by your friends, or you have previously synced your phone contacts with Facebook. Just like on your phone, only you can see these numbers.”

    Facebook is doing a couple of things by merging contacts: it’s trying to provide a convenience to users (“Hey look! We pulled all these phone numbers together for you in one place!”) and in doing that, it’s clearly trying to become the center of all your communication needs (see: the new Facebook Messenger app, introduced Tuesday). By collecting all this information, Facebook is most likely hoping it can take over spaces currently occupied by companies like AOL (via its AIM instant-message service), Skype, GroupMe and even telephone and e-mail providers.
    Also, I did find the setting. If you just go into the app's settings and turn off "Sync Contacts" (last item at the bottom), then you need to go here and click REMOVE (which is linked very obviously from the Phonebook in Facebook): http://www.facebook.com/contact_impo...r=%2Fphonebook

    Problem solved, tinfoil hat removed. Internet whining session not averted. Facebook (as mentioned in the article above), should just be more clear about it.
    08-11-2011 11:15 AM
  24. BlackHawkA4's Avatar
    I love this mess messenger app, lol. Google has a huddle app. Which, is really just a shortcut to their main app to get into huddles. What do we do?! Let's make a stand alone app. Which is just the messages app from the regular app removed and repackaged. So, instead of having a shortcut. You now have 2 apps. Copy. Print!

    I thought they did shut down facebook yesterday, lol. The mobile site was down.
    08-11-2011 12:47 PM
  25. DenverRalphy's Avatar
    The Sync Contacts from FB is nothing new. Is it annoying? If you didn't set it properly, then yes.

    However... what does the contacts syncing have to do in any way with the SMS permissions you started this thread over?
    08-11-2011 02:44 PM
28 12
LINK TO POST COPIED TO CLIPBOARD